Policy | Security | Investigation

exonerate

February 28, 2009

What does the law expect of electronic government records? Records enable governments to be transparent. If government keeps good records of its activities and gives citizens easy access to them, then citizens can review government and hold it accountable.

Today most government records are electronic. Accordingly, the German federal government seeks to archive its electronic records, including e-mail. A key initiative under the Federal Ministry of the Interior is DOMEA, a project that sheds light on the legal expectations for e-government records, including electronic mail.

The DOMEA project recognizes that: “Electronic records . . . have to meet the requirements for record keeping in public administrations, which are prescribed in laws, standing orders, regulations and instructions. They include important points, such as:

“1. The completeness, integrity and authenticity of official records, which means that official documents cannot be subsequently altered, changed, removed, destroyed or deleted.

“2. The records principle of public administration, which means that documents have to be appropriately joined together in systematically arranged subject files according to the functions of a particular office.

“3. The accountability and lawfulness of administrative procedures, which means that accountabilities and responsibilities have to be documented in records in the course of business and that the state of affairs and the development of transactions in a given case has to be completely evident in records at any time.”

Of course, the validity of these legal standards is not limited to Germany or even Europe.

If these are the legal standards for government records, then query whether popular enterprise e-mail systems such as Microsoft Exchange and Novell Groupwise are designed to meet these standards. Generally speaking, they are not. They do not support efficient storage, management, protection and searching of vast quantities of e-mail records, collected from a large population of users over an extended period of time. That’s one reason enterprises like governments commonly have policies to destroy most e-mail relatively quickly, such as 90 days after transmission.

But e-mail has become central to the administration of modern government. Very often, e-mail documents official transactions and official delegations of responsibility. It also empowers internal audits and investigations (by for example inspectors general) for fraud, waste, corruption, mismangement and misappropriation of funds.

For some time organizations such as governments have relied on ad hoc methods for retaining e-mail – including the print-and-file method. But e-mail is so voluminous and has become so important that ad hoc solutions are failing.

Last week I led an on-site workshop with the staff of a mid-size county government struggling with this problem. Staff representatives hailed from IT, counsel, finance, administration, internal audit, human resources, risk management and public health services. The county’s e-mail system is Groupwise. The staff concluded that the county needs, in addition to Groupwise, a dedicated e-mail archive appliance. The workshop enabled the staff to write new, modern policy on e-mail archival.

–Benjamin Wright

Mr. Wright teaches e-discovery and e-investigation law at the SANS Institute.

He is an advisor to Messaging Architects, where he leads an in-house workshop to help the stakeholders in an enterprise craft workable policy on the management of email and other eRecords.

P.S. New Mexico's Attorney General (AG) indicted the state's former Secretary of State (SoS) for tax evasion and money laundering tied to alleged kickbacks to her by the recipient of federal grant money. Stephanie Simon, "New Mexico Roiled by New Graft Case," Wall Street Journal, August 22 -23, 2009. Among other things, the indictment alleged that the defendant advanced her crime by fabricating two official records in 2004 -- a paper letter and a paper memo. The indictment came on the heels of thorough document reviews by both federal and state auditors. The auditors said the Secretary of State's office maintained poor records on its management of federal grant money. Email records (which are very hard to forge or spoof successfully) were sparse if non-existent. Furthermore, the Secretary of State's office says it keeps financial records only three years after the close of the fiscal year. Now, the AG and the ex-SoS disagree sharply over the allegations. Had the SoS's office maintained more detailed and complete records (including archived email, supported by time-stamps and other audit trails), this disagreement might now be resolved. Either (a) the ex-SoS would have been deterred at the outset from corruption for fear that the records would betray her, (b) the records would clearly exonerate the ex-SoS, or (c) the records would unambiguously demonstrate the ex-SoS's guilt.

January 11, 2009

Some executives fear that e-mail will come back to haunt them, so they minimize their use of it. And they want corporate e-mail destroyed quickly.

But electronic records came to the rescue of David Stockman, former CEO of bankrupt auto parts maker Collins & Aikman. Stockman and other executives were indicted by prosecutors for alleged lying about the company’s financial condition. Prosecutors apparently based the charges on an investigation by an outside law firm working on behalf the company’s board of directors. Stockman and his co-defendants maintained that they were victims of a rush to justice. They said the law firm and the prosecutors failed to examine all the complex evidence carefully.

They and the government undertook to assemble a database containing 10 million company records, including (no doubt) copious e-mail records. Key topics in the case included C&A's:

* day-to-day internal communications among executives and employees regarding the accounting and invoicing for particular transactions, and

From this massive database, the defendants drew evidence, bit-by-tiny-bit, to tell their side of the story. In a database of this size, the ability to find the right evidence depends much on the careful selection of search methodology and search algorithms. Sometimes the only effective way to comprehend what is in the database is to engage a selective sampling of records.

Eventually the defense prevailed. In an unusual move, the prosecutors withdrew the charges, stating that they had come to reassess the evidence in the case.

In other words, the executives were fortunate that the company retained so many records like e-mail. E-archives exonerated the defendants.

In a putative corporate scandal, the relevant e-mail records can be maddeningly plentiful. A large number of computer-based records is unsurprising in a modern white collar crime investigation or police raid of corporate offices.

In this case, the defendants' legal team patiently mined the company’s email (and other records) to build a convincing case that prosecution was unwarranted.

As the quantity of records in a case swells like this, the ability of parties to review records one-by-one declines. Increasingly the law will favor those who can draw on statistical methods (or linguistic analysis) to tease out the evidence that tells their side of the case.

(David Stockman is most famous as the Ronald Reagan’s budget director in the 1980s.)

–-Benjamin Wright

Mr. Wright is an advisor to Messaging Architects, thought leader in enterprise governance and records management. He also delivers training in cyber defense law at the SANS Institute.

IT Administrators

Twitter

Wright's Google Profile

Custom Professional Training

Local ARMA Quote

"The presentation by Mr. Wright, sponsored by Messaging Architects, was engaging and provocative. He delivered insights that challenged some of our views on retaining e-mail, and definitely shattered others." - Terry Mergele, CRM, Program Chair, San Antonio ARMA.

Blogger

Attorney Benjamin Wright is the author of technology law books, including The Law of Electronic Commerce (Aspen Publishers) and Business Law and Computer Security (SANS). A featured speaker at industry conferences and professional meetings, Wright teaches e-discovery, data security and cyber investigations law at the SANS Institute. Mr. Wright advises clients on digital law and forensic investigations. He is a pioneer in the promotion of public relations to address Internet legal issues and crises. His telephone is 1.214.403.6642. Wright's e-mail is ben_wright at compuserve dot com (put "BLOG" in subject line to distinguish yourself from spam). Mr. Wright graduated from Georgetown University Law Center 1984.

SANS Quote

"The best professional trainer in the country on these issues is Ben Wright." --Stephen H. Chapman, Principal and CEO, Security Advisers, LLC, and student in Mr. Wright's SANS legal training

Important!

No public statement by Mr. Wright (blog, comment, book, article, video, speech, tweet) is legal advice for any particular situation. If you need legal advice, you should consult your lawyer.

The purpose of this blog -- and the purpose of all of Mr. Wright's public statements -- are public education and discussion, and not the delivery of legal, technical or other professional advice. If you need advice or complete information, this blog is not the place to get it. Mr. Wright's public statements are offered as-is, with no warranty of accuracy or reliability. Mr. Wright sometimes revises his published ideas. If you use the ideas, you do so at your own risk.

Mr. Wright's public statements on blogs and the like are not intended to advertise or solicit legal services.

Mr. Wright's contributions to blogs, web courses and the like constitute part of the online update service for the book The Law of Electronic Commerce. Originally released 1991, and revised continually since then, the book is a reference for lawyers, published by Wolters Kluwer Law.

The only person responsible for Mr. Wright's words is Mr. Wright.

Mr. Wright has received money from some organizations he mentions online, such as Netmail/Messaging Architects, SANS Institute and LabMD.

Mr. Wright strives to comply with all applicable laws. He does not have and never has had intention to infringe the rights of anyone. If any person has any information, suspicion or belief that Mr. Wright has done anything illegal or unethical, he asks that person promptly to notify him at 1.214.403.6642, Dallas, TX. Also, please state publicly on Mr. Wright's blogs or pages that he is wrong. Promptness helps mitigate damage.

Any person accessing this blog agrees not to use data from it (or from any other public activity or statement by Mr. Wright) in a way that is adverse to Mr. Wright's interests.

Mr. Wright does not have an attorney-client relationship with any person unless and until he and that person explicitly so agree. Interaction with Mr. Wright through public media does not create an attorney-client relationship. Exchanging private messages with Mr. Wright does not, by itself, form an attorney-client relationship.

Privacy/Security Vision: Some people provide Mr. Wright private information. Mr. Wright strives to treat such information reasonably according to the circumstances. People should have no more than reasonable expectations about information security. It is unreasonable to expect that the offices, computers, cell phones, brief cases, filing cabinets and online or other services used by Mr. Wright are very secure.

E-mail Mr. Wright

Mr. Wright does not have an attorney-client relationship with any person unless and until he and that person explicitly, formally agree that the relationship is being formed. He does not give advice to non-clients.